Botnets: when good devices go bad


Thanks to Hollywood, we now all know to start running when the light on our domestic robot turns from blue to red. Unfortunately, in real life things are a lot less obvious. So, when your smart toaster joins the dark army and takes on a nation state, you’ll likely be the last to know.




What is a botnet?

A botnet (also known as a Zombie Army) is a group of computers or devices that have been compromised and can be controlled remotely to perform tasks without the knowledge of their owners. Botnets can contain several hundred thousand devices and can be used to execute coordinated attacks.

In the past, botnets consisted primarily of personal computers. However, today’s proliferation of “smart” home devices with weak security features offers hackers easier and more numerous targets to infect and “recruit” into botnets.

Today, botnets represent perhaps the largest cybersecurity threat, capable of taking down government websites and critical infrastructure services like the internet’s DNS. According to Symantec, attacks using IoT botnets more than doubled in 2015 and continue to be active in 2016.

How do botnets work?

Botnets rely on infected devices that can be controlled remotely. This typically requires that malicious software (malware) be downloaded to the device, giving the attackers control over certain network functions of the device. The user may download this malware unintentionally (for example, by visiting a malicious website or falling victim to a technical support scam), or the attackers may install it without the user’s interaction, either through a system vulnerability or by defeating (cracking) the device’s logon credentials. Many smart home devices come with default logon credentials that users never change.

Ultimately, any internet-connected device can potentially be infected with botnet malware. Because the value of a botnet-infected device is contingent on the infection remaining undetected, the infected device will not exhibit any unusual behavior to its owner.

Larger botnets may consist of hundreds of thousands of malware-infected devices that can be directed to perform a number of coordinated tasks, like sending phishing or spam email or conducting denial-of-service attacks against websites and other internet servers.

Protecting against botnet infection

Keeping your devices clear of botnet infection is fairly straightforward, but requires a bit of effort if you have a large number of internet-connected devices. (The number may surprise you — in my household of three I’ve discovered a total of 21 connected devices.)

  • For computers, tablets, smartphones and home servers, ensure that you have antivirus and malware protection apps installed and regularly updated.
  • For other devices like network-connected cameras, thermostats, TVs, Wi-Fi routers, printers, vehicles and smart appliances, make sure to change the default username and password to unique and strong credentials, and also update the firmware regularly.
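
One way to act on this checklist, as an added example that is not part of the original article: the script below counts the devices a Linux host can see in its neighbour table (`ip neigh show`) and compares them with an inventory you keep yourself, flagging anything unlisted, still on default credentials, or overdue for firmware. The sample output, the inventory, the function names and the 180-day firmware threshold are all constructed assumptions.

```python
import re
from datetime import date

# Constructed sample of `ip neigh show` output (locally administered MACs).
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 02:00:00:aa:10:01 REACHABLE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:10:02 STALE
192.168.1.41 dev eth0 FAILED
192.168.1.77 dev eth0 lladdr 02:00:00:aa:10:04 REACHABLE
fe80::1004 dev eth0 lladdr 02:00:00:AA:10:04 STALE
"""

# Constructed owner-maintained inventory:
# MAC -> (name, default password changed?, date of last firmware update)
INVENTORY = {
    "02:00:00:aa:10:01": ("laptop", True, date(2016, 9, 1)),
    "02:00:00:aa:10:02": ("ip-camera", False, date(2015, 3, 14)),
}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) (\w+)")
MAX_FIRMWARE_AGE_DAYS = 180  # assumption: the article only says "regularly"


def connected_devices(neigh_output):
    """Return {mac: [ip, ...]} for entries with a resolved hardware address."""
    devices = {}
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m or m.group(3) in ("FAILED", "INCOMPLETE"):
            continue  # no MAC was learned, so no device answered at that IP
        # One device often holds an IPv4 and an IPv6 address: key on the MAC.
        devices.setdefault(m.group(2).lower(), []).append(m.group(1))
    return devices


def audit(neigh_output, inventory, today):
    """Return sorted (mac, issue) findings for the owner to follow up."""
    findings = []
    for mac in connected_devices(neigh_output):
        if mac not in inventory:
            findings.append((mac, "not in inventory"))
            continue
        name, password_changed, firmware_date = inventory[mac]
        if not password_changed:
            findings.append((mac, f"{name}: default credentials still set"))
        if (today - firmware_date).days > MAX_FIRMWARE_AGE_DAYS:
            findings.append((mac, f"{name}: firmware older than {MAX_FIRMWARE_AGE_DAYS} days"))
    return sorted(findings)
```

The neighbour table only lists devices the host has recently exchanged traffic with, so the router's own list of connected clients is the more complete source for the device count.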

